3.7 Preferences Properties Table

The Preferences Properties Table provides tools to configure the parameters of the user’s SecureLogin environment, including applications permitted to be SSO-enabled and access to SecureLogin management and administration tools. Preference options, in addition to those provided in the Personal Management Utility, are provided in this table for directory management tools

Figure 3-12 Preferences Properties table

The Preferences Properties Table displays in the right pane after you click Preferences in the navigation tree.

Preferences are divided into the following categories:

You can:

3.7.1 Preferences Properties Table Fields

The following table describes the Preferences Properties Table fields:

Table 3-9 General Preferences

Item

Description

Comment

Allow users to activate or deactivated SSO through the system tray

Allows an administrator to prevent users from deactivating SSO through the SecureLogin icon on the task bar.

Not available in the Personal Management Utility.

Allow users to backup/restore

Enables or disables access to backup and restore user information.

Not available in the Personal Management Utility.

Allow users to change passphrase

Enables or disables access to change passphrase question and answer.

Not available in the Personal Management Utility.

Allow users to modify credentials through the GUI

Allows users to view their credentials but not modify them (by allowing “users to view passwords” and then by setting this preference to No).

Not available in the Personal Management Utility.

Allow users to modify names of applications and logins

Enables or disables access to change values in the Logins and Applications panes.

Not available in the Personal Management Utility.

Allow users to view and change preferences

Enables or disables the option to change preference values.

Setting the value to No displays a warning message.

We recommend you create a separate organizational unit for administrators to ensure they are not adversely affected by general user configuration at the OU level.

Not available in the Personal Management Utility.

Allow users to view and modify API preferences

Enables user access to API options displayed in the Preferences pane of the Personal Management Utility.

Contact Novell Technical Services for assistance with APIs.

Not available in the Personal Management Utility.

Allow users to view and modify application definitions

Enables or disables access to configure applications for SSO in the Applications pane.

Not available in the Personal Management Utility.

Allow users to view passwords

Enables or disables the Show Passwords button in the Details tab of the Applications pane of the Personal Management Utility.

Allowing users to view their passwords gives them an opportunity to view and record passwords if they need to reset their SecureLogin configuration. Resetting a user deletes all SecureLogin data including passwords and passphrase responses.

Not available in the Personal Management Utility.

Container has priority over User

The default setting is No. This value indicates that configuration settings made by the user take precedence over those set at the container level. Only for use in advanced stand-alone mode for the overwriting of locally applied scripts, settings and credentials by centrally created ones. This is for users who receive their encrypted and signed settings through the Distribution pane “signed and encrypted” method.

Not available in the Personal Management Utility.

Detect incorrect passwords

Detect incorrect passwords is, by default, set to Yes. Predefined applications generally include commands to respond to incorrect password dialogs; however, this preference enables SecureLogin to respond to incorrect passwords for Web applications.

 

Disable single sign-on

The default setting is No, however to prohibit any access to SecureLogin select Yes.

Not available in the Personal Management Utility.

Display the system tray icon

Enables or disables the SecureLogin icon on the system tray.

When the SecureLogin icon is active, you can double-click it to start the Personal Management Utility.

When the SecureLogin icon is inactive, users can still start the Personal Management Utility through the Windows Start menu, unless the option has been disabled during installation.

Not available in the Personal Management Utility.

Enable cache file

Enables the creating and updating of a SecureLogin cache file on the local workstation. This cache file stores all user configuration data local and inherited.

Set this value to:

  • Yes for mobile users.
  • No when storing files locally is not possible or conflicts with organization security policies.

 

Enable logging to Novell Audit

Allows the following events to automatically be sent to a Novell Audit server for the OU or user object against which this is set:

  • SSO client started
  • SSO client exited
  • SSO client activated by user
  • SSO client deactivated by user
  • Password provided to an application by a script
  • Password changed by the user in response to a changepassword command
  • Password changed automatically in response to a changepassword command

You can turn on/off the Novell Audit support with a SecureLogin preference.

You must install the Novell Audit platform on the client, and register the application ID and schema file on the server.

For more information, see the Novell Audit ID and schema files in the Tools folder of the SecureLogin distribution CD.

Not available in the Personal Management Utility.

Enable the New Login Wizard on the system tray icon

Enables users to create multiple SSO logons for different accounts on the same application or server using the Add New Login Wizard.

Not available in the Personal Management Utility.

Enforce passphrase use

After SecureLogin is installed, users are required to set up their passphrase authentication. This may require creating a question and response, or providing a response to a question you have created.

If this value is set to:

  • Yes, users must complete the set up of their passphrase before they can proceed with any other activity on the workstation.
  • No, users can click Cancel and will be prompted with the Passphrase dialog box each time they log on to the workstation until the passphrase is set.

Not available in the Personal Management Utility.

Enter API license key(s)

Enter the API license key provided by SecureLogin to activate API functionality for an application. Contact Novell Technical Services for help configuring APIs.

 

Password protect the system tray icon

Restricts the logged-in users from using the SecureLogin icon shortcut menu without their network password. This password cannot be manually created or changed.

 

Provide API access

Enables or disables API functionality. Contact Novell Technical Support for assistance in configuring APIs.

 

Set the cache refresh interval (in minutes)

The cache refresh interval defines the regularity (in minutes) of the synchronization of the user data and directory on the local workstation. The default value is five minutes. We recommend between 240 and 480 minutes (4 and 8 hours) depending on your network, number of users, and how often data changes.

Right-click the SecureLogin icon on the system tray, then point to Advanced, and click Refresh Cache to manually refresh the cache.

Stop walking here

Enables or disables inheritance of settings from higher level containers or organizational units.

Not available in the Personal Management Utility.

Select Yes during phased upgrades in which higher levels may have a different version of SecureLogin implemented. If inheritance of settings from higher levels is required, select No (the default).

Table 3-10 Java Preferences

Item

Description

Comment

Add application prompts for Java applications

Prompts for Java applications.

By default the Java option is set to No. If you plan to SSO-enable JavaScript logins and Java applications, set the value to Yes. (SecureLogin requires a Java Runtime Engine version 1.4 or later to SSO-enable Java-based logons.)

Allow single sign-on to Java applications

Allows SSO to Java applications.

To enable SSO access to the application type, ensure the value is set to Yes. To disable SSO to any applications of the selected type, set the value to No.

Table 3-11 Security Preferences

Item

Description

Comment

Allow access using passphrase when smart card not available

Allows the user to access SecureLogin by using a passphrase temporarily.

Not available in the Personal Management Utility.

Certificate selection criteria

Allows you to enter text to uniquely identify a certificate (within searchable fields only)

Not available in the Personal Management Utility.

Certificate type

Allows you to select an encryption or authentication certificate to encrypt user’s SSO information in the directory.

Not available in the Personal Management Utility.

Current certificate

Allows you to select a certificate other than the default certificate.

Not available in the Personal Management Utility.

Store SSO data on smart card

Allows you to store application credentials only on smart card.

Not available in the Personal Management Utility.

Use AES for SSO data encryption

Allows you to use AES instead of Triple DES for encrypting SSO data.

Not available in the Personal Management Utility.

Use passphrase for recovery of SSO credentials

Allows passphrase to be used for recovery of SSO credentials.We recommend that you select Yes if key escrow backup is not used.

Not available in the Personal Management Utility.

Use smart card to encrypt SSO data

Allows SSO data to be encrypted using the user’s PKI-based credentials, if enabled.

Not available in the Personal Management Utility.

Enable passphrase security system

Enable passphrase security system is, by default, set to Yes. Typically a user sets a passphrase when SecureLogin first runs. This option allows you to enable or disable user-defined passphrases.

Not available in the Personal Management Utility.

Table 3-12 Web Preferences

Item

Description

Comment

Add application prompts for Internet Explorer

Prompts for Internet Explorer

Prompts for both Internet Explorer and Netscape, but Netscape support is limited

Add application prompts for Mozilla Firefox

Prompts for Mozilla Firefox

If set to Yes, SecureLogin displays an application prompt confirmation message when it recognizes an application type. The prompt has three options: Yes, No, and Never.

Selecting:

  • Yes, SSO-enables the logon; SecureLogin saves the credentials entered.
  • No, stops SSO-enabling now, but the prompt displays the next time the Login dialog displays.
  • Never, ensures SecureLogin will not prompt to SSO for this Login dialog again.

Disabling the display of a SecureLogin automated prompt does not restrict users from SSO-enabling the applications.

Allow single sign-on to Internet Explorer

Allows SSO to Internet Explorer

To enable SSO access to the application type, ensure that the value is set to Yes. To disable SSO to any applications of the selected type, set the value to No.

Allow single sign-on Mozilla Firefox

Allows SSO to Mozilla Firefox

To enable SSO access to the application type, ensure the value is set to Yes. To disable SSO to any applications of the selected type, set the value to No.

Allow single sign-on to Netscape

Allows SSO to Netscape

To enable SSO access to the application type, ensure the value is set to Yes. To disable SSO to any applications of the selected type, set the value to No.

SecureLogin currently provides predefined applications for a range of Netscape applications but does not provide full support for all current Netscape functionality in the wizards. We recommend you manually create application definitions for Netscape applications since some functionality may be unavailable. Contact Novell Technical Services for help.

Table 3-13 Windows Preferences

Item

Description

Comment

Add application prompts for Windows applications

Prompts for Windows applications.

If set to Yes, SecureLogin displays an application prompt confirmation message when it recognizes an application type. The prompt has three options: Yes, No, and Never.

Selecting:

  • Yes, SSO-enables the logon; SecureLogin saves the credentials entered.
  • No, stops SSO-enabling now, but the prompt displays the next time the Login dialog displays.
  • Never, ensures SecureLogin will not prompt to SSO for this Login dialog again.

Disabling the display of a SecureLogin automated prompt does not restrict users from SSO-enabling the applications.

Allow single sign-on to Windows applications

Allows SSO to Windows applications.

To enable SSO access to the application type, ensure the value is set to Yes. To disable SSO to any applications of the selected type, set the value to No.